CVE-2016-9950

2016-12-17 04:59:00 2017-01-07 04:00:45

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Canonical Ubuntu Linux 12.10

Apport project Apport 2.20.3 (not an official CPE)

Apport project - Apport Canonical - Ubuntu linux

Advisory	Patch	Confirmed	Link
			USN-3157-1
			https://bugs.launchpad.net/apport/+bug/1648806
			https://donncha.is/2016/12/compromising-ubuntu-desktop/
			https://github.com/DonnchaC/ubuntu-apport-exploitation
			95011
			40937

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)